8 /* This implementation support Openwall-style TCB passwords in place of
9 * traditional shadow, if the appropriate directories and files exist.
10 * Thus, it is careful to avoid following symlinks or blocking on fifos
11 * which a malicious user might create in place of his or her TCB shadow
12 * file. It also avoids any allocation to prevent memory-exhaustion
13 * attacks via huge TCB shadow files. */
15 static long xatol(char **s)
18 if (**s == ':' || **s == '\n') return -1;
19 for (x=0; **s-'0'<10U; ++*s) x=10*x+(**s-'0');
23 int __parsespent(char *s, struct spwd *sp)
26 if (!(s = strchr(s, ':'))) return -1;
30 if (!(s = strchr(s, ':'))) return -1;
33 s++; sp->sp_lstchg = xatol(&s);
34 if (*s != ':') return -1;
36 s++; sp->sp_min = xatol(&s);
37 if (*s != ':') return -1;
39 s++; sp->sp_max = xatol(&s);
40 if (*s != ':') return -1;
42 s++; sp->sp_warn = xatol(&s);
43 if (*s != ':') return -1;
45 s++; sp->sp_inact = xatol(&s);
46 if (*s != ':') return -1;
48 s++; sp->sp_expire = xatol(&s);
49 if (*s != ':') return -1;
51 s++; sp->sp_flag = xatol(&s);
52 if (*s != '\n') return -1;
56 static void cleanup(void *p)
61 int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res)
63 char path[20+NAME_MAX];
67 size_t k, l = strlen(name);
73 /* Disallow potentially-malicious user names */
74 if (*name=='.' || strchr(name, '/') || !l)
77 /* Buffer size must at least be able to hold name, plus some.. */
78 if (size < l+100) return ERANGE;
80 /* Protect against truncation */
81 if (snprintf(path, sizeof path, "/etc/tcb/%s/shadow", name) >= sizeof path)
84 fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC);
86 struct stat st = { 0 };
88 if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
89 pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
91 pthread_setcancelstate(cs, 0);
95 f = fopen("/etc/shadow", "rbe");
99 pthread_cleanup_push(cleanup, f);
100 while (fgets(buf, size, f) && (k=strlen(buf))>0) {
101 if (skip || strncmp(name, buf, l) || buf[l]!=':') {
102 skip = buf[k-1] != '\n';
105 if (buf[k-1] != '\n') {
110 if (__parsespent(buf, sp) < 0) continue;
114 pthread_cleanup_pop(1);